=== Arm64 improvements

Links: +
link:https://reviews.freebsd.org/D31261[Pointer Authentication Review] URL: link:https://reviews.freebsd.org/D31261[https://reviews.freebsd.org/D31261]

Contact: Andrew Turner <andrew@FreeBSD.org>

FreeBSD has been ported to the Arm Armv8-A Architecture Envelope Model (AEM), an
Armv8 architecture simulator. AEM is useful for Armv8 development and testing,
because it supports different configurations, including the ability to enable or
disable different extensions. As part of this work, the virtio legacy pci
driver was fixed and ACPI resource parsing code was updated to work with the
ACPI tables that the model provides.

Libmd(4) has been updated to use the sha256 instructions when available. This
can lead to a large performance improvement when these instructions are
available. For example, on the Apple M1 under a hypervisor, the time to
calculate the sha256 of a 1GB file has decreased from a median of 3.46s to 0.5s.

Using an ifunc (indirect function) in a static binary is now supported. This will allow
different implementations of a function to be used depending on which hardware
it is being run on. Using an ifunc in dynamic binaries was already
supported.

The arm64 ID register definitions have been updated to match the Armv8.5
specification and other special registers have been updated to the Armv8.7 spec.

There have been numerous cleanups in decoding the arm64 ID registers in the
kernel to ensure we provide a consistent view of the hardware to userspace if it
reads the emulated ID register directly, or uses an ELF HWCAP value.

There has been early work on supporting the Arm Reliability, Availability, and
Serviceability (RAS) extension. The external aborts it may use are now handled
in the kernel.

Support for the Arm Pointer Authentication extension is under review. This
extension allows programs to use new instructions that add a hash to unused bits
in a code or data pointer. They can then later check the hash in a way that will
either, depending on the CPU, create an invalid pointer or raise an exception.
This can be used to protect the function return address from being overwritten,
making Return Oriented Programming (ROP) attacks difficult. The change supports
both userspace and kernel pointer authentication. It is waiting on debugger
changes to be sent upstream so lldb can clear the hash when needed, e.g., in a
stack trace.

Work has started on supporting the Branch Target Identification extension. This
adds a flag to the page tables to disallow unintended targets from some branch
instructions. When a CPU branches to a new location from a register, the CPU
will check if the instruction is correct. This will protect, e.g., against a
function pointer being called when it points to the middle of a function. The
kernel has been built with this feature enabled and tested in the Arm AEM.

Sponsor: The FreeBSD Foundation
